CN109274502B - Method and device for creating public key encryption and key signature and readable storage medium - Google Patents


Info

Publication number: CN109274502B
Authority: CN (China)
Prior art keywords: hash, public key, key, signature, encryption
Legal status: Active
Application number: CN201811300417.4A
Other languages: Chinese (zh)
Other versions: CN109274502A (en)
Inventors: 安德鲁.威廉.罗斯科, 陈邦道
Current Assignee: Crosbil Ltd
Original Assignee: Crosbil Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for creating public key encryption and key signatures for a blockchain, comprising the following steps. Step S101: a function is constructed so that data is encrypted under a public key; a party with a converter creates a message that only the recipient corresponding to the public key used can decrypt, and decryption is possible only with the corresponding secret key, which cannot be computed from the public key, thereby realizing public key encryption for the blockchain. Step S102: a secret value is selected that differs from the secret value used to realize the public key encryption for the blockchain; it is shared by all converters and unknown to other parties; through hash operations and a verification step, the verification agent checks whether the signature has the correct format and/or whether it equals another signature obtained by other means. A corresponding apparatus and readable storage medium are also disclosed. The technical solution of the present disclosure exchanges keys securely using only symmetric encryption and hash functions, thereby creating cryptographic proof of authenticity, integrity and non-repudiation in a basic and efficient manner, without reverse engineering.

Description

Method and device for creating public key encryption and key signature and readable storage medium
Technical Field
The present invention relates to the field of block chain technologies, and in particular, to a method and an apparatus for creating a public key encryption and a key signature, and a readable storage medium.
Background
Shor's algorithm is very important: given a quantum computer, it can be used to break RSA, a widely used public key encryption method. RSA is based on the assumption that a known integer cannot be factored efficiently; Shor's algorithm shows that the factorization problem can be solved efficiently on a quantum computer, so RSA can be broken by a sufficiently large quantum computer. Shor's algorithm has greatly promoted the development of quantum computers and their physical realization. The algorithm does not guarantee a correct result on every run, but the probability of success can be increased by increasing the number of runs; it is a randomized algorithm.
The security of a public key cryptosystem depends mainly on the mathematical problem on which its construction relies. The cryptographic function must be one-way, i.e. hard to invert, so that it is not feasible for a cryptanalyst to derive the secret key from the public key with present computational power.
Public key cryptography is a method of encrypting data under the public key of an agent, the result of which can only be decrypted using a corresponding secret key that is nearly impossible to compute from the public key. We have traditionally thought that this is achieved by clever mathematical functions that naturally fit this specification; however, we need to be careful, because quantum computation changes things, and we do not actually know exactly what the function can achieve. With the advent of the quantum computing age, the way the world maintains its own security has become an important issue, and much research has focused on signatures and asymmetric cryptographic systems that are not vulnerable to quantum computer attacks. However, these do not directly solve the problem, as they do not provide a clear alternative. Furthermore, most work has been devoted to lattice-based cryptography, which is considered to be the most promising asymmetric cryptographic solution, however it does not use basic cryptography, without increasing the complexity of the scheme.
It is generally recognized that standard cryptographic hash methods are, or can be made, less vulnerable, and that sufficiently strong symmetric cryptosystems exist, such as AES. A reasonable scheme would prefer to follow the basic principles of cryptography, with the addition of simple and realizable technological supplements.
Disclosure of Invention
In view of the above technical problems, the present disclosure proposes a method, device and readable storage medium for creating public key encryption and key signatures that exchange keys securely using only symmetric encryption and a hash function, thereby creating cryptographic proof of authenticity, integrity and non-repudiation in a basic and very efficient manner. This allows the creation of devices that encrypt with public keys and decrypt with secret keys, or devices that create and verify signatures made with keys; these simple encryption devices cannot be successfully reverse engineered.
The concept of the invention is as follows. The solution avoids the risk that an asymmetric encryption method used in the encryption process is broken by a quantum computer. It uses a converter that contains an encryption routine enc, a decryption routine dec, a secret value mk and other necessary programs. The secret value mk is built into every converter that needs to transmit information, is identical in all of them, and is unknown to other parties, which avoids the key-transmission security problem of symmetric encryption. Such a converter may be used not only for blockchain encryption but also for other encryption applications. To support public key encryption, the invention also provides a method that extends the functions of the converter: it adds another secret value ms, known only to the converter and identical across converters, and provides extended encryption and decryption routines enc and dec, realizing verification of the public key and other related encryption applications.
In one aspect of the present disclosure, a method for creating a public key encryption and key signature for a blockchain is provided, including:
Step S101: a function is constructed so that data is encrypted under a public key; a party with a converter creates a message that only the recipient corresponding to the public key used can decrypt, and decryption is possible only with the corresponding secret key, which cannot be computed from the public key, thereby realizing public key encryption for the blockchain;
Step S102: a secret value is selected that differs from the secret value used to realize the public key encryption for the blockchain; it is shared by all converters and unknown to other parties; through hash operations and a verification step, the verification agent checks whether the signature has the correct format and/or whether it equals another signature obtained by other means.
In some embodiments, the function is provided to the user as a complete software package, denying an attacker the opportunity to decompose the function and bypass it, and a portion of the public key is kept with the secret value inside the complete software package so that the public key cannot be reconstructed independently.
In some embodiments, the converter is used to carry out several secure key agreement methods, using either a self-generated entropy method or a user-generated entropy method, which includes hashing the entropy to prevent attacks by an intermediary.
In some embodiments, for the last protocol developed, the self-generated entropy method and the method that relies on user-generated entropy each include hashing the entropy to prevent attacks by an intermediary.
In some embodiments, step S101 includes: users A and B, who are trying to agree on a key, each own a converter. The exchange starts with A sending a negotiation signal to B. B randomly generates a secret number N_B in real time, hashes N_B to obtain hash(N_B), and transmits hash(N_B) to A. A generates X and uses the converter to perform the encryption calculation V = enc(hash(mk, hash(N_B)), hash(X)). A sends V to B. B inputs V and N_B to the converter, which performs decryption by calculating dec(hash(mk, hash(N_B)), V); the result should equal hash(X). A and B finally confirm the key hash(X) by agreeing on hash(X) over a public trusted channel. Here mk is the master key known to all converters and unknown to anyone else, and enc and dec are the symmetric-key encryption and decryption functions in the converter.
In some embodiments, all communications, including the final confirmation, may be completed over the Dolev-Yao network.
In some embodiments, the converter has the function of calculating the composite functions required by A and B.
In some embodiments, B reuses hash(N_B) as a one-time or multi-use public key: if B takes part in exchanges of the same type, hash(N_B) can serve as a one-time or multi-use public key, with N_B as its secret key, without changing the function.
In some embodiments, step S102 includes: to sign X, input X and the private key sk and output enc(hash(ms, hash(sk)), X). Verification with the public key pk comprises: inputting Y and the public key pk, and outputting dec(hash(ms, pk), Y). The verification agent checks whether the format of the signature X is correct and/or whether the signature X equals a signature X known by other means. ms is another key known to all converters and unknown to anyone else, and ms must be different from the master key mk; enc and dec are the symmetric-key encryption and decryption functions in the converter.
In some embodiments, the step of verifying is also used to break encryption.
In some embodiments, for symmetric encryption that has an easy-to-compute function f such that dec(k, ·) is the same as enc(f(k), ·), unless f is constant or contains a large number of k, this angle of attack can be eliminated by using a hash operation.
In another aspect of the present disclosure, there is also provided a creating apparatus for public key encryption and key signature of a blockchain, including a processor, wherein the processor is operable to:
construct a function so that data is encrypted under a public key; a party with a converter creates a message that only the recipient corresponding to the public key used can decrypt, and decryption is possible only with the corresponding secret key, which cannot be computed from the public key, thereby realizing public key encryption for the blockchain;
and select a secret value that differs from the secret value used to realize the public key encryption for the blockchain, is shared by all converters and is unknown to other parties; through hash operations and a verification step, the verification agent checks whether the signature has the correct format and/or whether it equals another signature known by other means.
In some embodiments, the function is provided to the user as a complete software package, denying an attacker the opportunity to decompose the function and bypass it, and a portion of the public key is kept with the secret value inside the complete software package so that the public key cannot be reconstructed independently.
In some embodiments, the converter is used to carry out several secure key agreement methods, using either a self-generated entropy method or a user-generated entropy method, which includes hashing the entropy to prevent attacks by an intermediary.
In some embodiments, for the last protocol developed, the self-generated entropy method and the method that relies on user-generated entropy each include hashing the entropy to prevent attacks by an intermediary.
In some embodiments, the function includes: for users A and B, who are trying to agree on a key, A sends a negotiation signal to B. B randomly generates a secret number N_B in real time, hashes N_B to obtain hash(N_B), and transmits hash(N_B) to A. A generates X and uses the converter to perform the encryption calculation V = enc(hash(mk, hash(N_B)), hash(X)). A sends V to B. B inputs V and N_B to the converter, which performs decryption by calculating dec(hash(mk, hash(N_B)), V); the result should equal hash(X). A and B finally confirm the key hash(X) by agreeing on hash(X) over a public trusted channel. Here mk is the master key known to all converters and unknown to anyone else, and enc and dec are the symmetric-key encryption and decryption functions in the converter.
In some embodiments, all communications, including the final confirmation, are completed over a Dolev-Yao network.
In some embodiments, the converter has the function of calculating the composite functions required by A and B.
In some embodiments, B reuses hash(N_B) as a one-time or multi-use public key: if B takes part in exchanges of the same type, hash(N_B) can serve as a one-time or multi-use public key, with N_B as its secret key, without changing the function.
In some embodiments, to sign X, X and the private key sk are input and enc(hash(ms, hash(sk)), X) is output. Verification with the public key pk comprises: inputting Y and pk, and outputting dec(hash(ms, pk), Y). The verification agent checks whether the format of the signature X is correct and/or whether the signature X equals a signature X known by other means. ms is another key known to all converters and unknown to anyone else, and ms must be different from the master key mk; enc and dec are the symmetric-key encryption and decryption functions in the converter.
In some embodiments, the step of verifying is also used to break encryption.
In some embodiments, for symmetric encryption that has an easy-to-compute function f such that dec(k, ·) is the same as enc(f(k), ·), unless f is constant or contains a large number of k, this angle of attack can be eliminated by using a hash operation.
In yet another aspect of the present disclosure, there is also provided a machine readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method for public key encryption and creation of key signatures for blockchains as described above.
Compared with the prior art, the beneficial effects of the disclosure are:
Keys are exchanged securely using only symmetric encryption and a hash function, creating cryptographic proof of authenticity, integrity and non-repudiation in a basic and very efficient manner. This allows the creation of devices that encrypt with public keys and decrypt with secret keys, or devices that create and verify signatures made with keys; these simple encryption devices cannot be successfully reverse engineered.
Drawings
The novel features of the invention are set forth with particularity in the appended claims. A better understanding of the features and advantages of the present invention will be obtained by reference to the following detailed description that sets forth illustrative embodiments, in which the principles of the invention are utilized, and the accompanying drawings. The drawings are only for purposes of illustrating embodiments and are not to be construed as limiting the invention. Also, in the drawings, wherein like reference numerals refer to like elements throughout:
FIG. 1 shows a flowchart of a method for public key encryption and key signature creation for blockchains according to an example embodiment of the present disclosure; and
FIG. 2 is a schematic diagram illustrating a device for creating a public key encryption and key signature for a blockchain according to an exemplary embodiment of the disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Nothing in the following detailed description is intended to indicate that any particular component, feature, or step is essential to the invention. Those skilled in the art will appreciate that various features or steps may be substituted for or combined with one another without departing from the scope of the present disclosure.
The solution provided by this embodiment avoids the risk that an asymmetric encryption method used in the encryption process is broken by a quantum computer. The implementation uses a converter that contains an encryption routine enc, a decryption routine dec, a secret value mk and other necessary programs. The secret value mk is built into every converter that needs to transmit information, is identical in all of them, and is unknown to other parties, which avoids the key-transmission security problem of symmetric encryption. Such a converter may be used not only for blockchain encryption but also for other encryption applications. To support public key encryption, the invention also provides a method that extends the functions of the converter: it adds another secret value ms, known only to the converter and identical across converters, and provides extended encryption and decryption routines enc and dec, realizing verification of the public key and other related encryption applications.
Fig. 1 shows a flowchart of a public key encryption and key signature creation method for a blockchain according to an example embodiment of the present disclosure. As shown in fig. 1, a method for creating a public key encryption and a key signature for a blockchain includes:
Step S101: a function is constructed so that data is encrypted under a public key; a party with a converter creates a message that only the recipient corresponding to the public key used can decrypt, and decryption is possible only with the corresponding secret key, which cannot be computed from the public key, thereby realizing public key encryption for the blockchain;
Step S102: a secret value is selected that differs from the secret value used to realize the public key encryption for the blockchain; it is shared by all converters and unknown to other parties; through hash operations and a verification step, the verification agent checks whether the signature has the correct format and/or whether it equals another signature obtained by other means.
In this embodiment, if the functions could be decomposed, an attacker would have an opportunity to bypass them. The functions are therefore provided to the user as a complete software package, denying the attacker that opportunity, and a portion of the public key is retained as a secret inside the complete software package so that the public key cannot be reconstructed independently.
In this embodiment, the converter is used to carry out several secure key agreement methods, using a self-generated entropy method or a user-generated entropy method, which includes hashing the entropy to prevent attacks by an intermediary.
In this embodiment, for the last protocol developed, the self-generated entropy method and the method that relies on user-generated entropy each include hashing the entropy to prevent attacks by an intermediary.
In this embodiment, step S101 includes: users A and B, who are trying to agree on a key, each own a converter. The exchange starts with A sending a negotiation signal to B. B randomly generates a secret number N_B in real time, hashes N_B to obtain hash(N_B), and transmits hash(N_B) to A. A generates X and uses the converter to perform the encryption calculation V = enc(hash(mk, hash(N_B)), hash(X)). A sends V to B. B inputs V and N_B to the converter, which performs decryption by calculating dec(hash(mk, hash(N_B)), V); the result should equal hash(X). A and B finally confirm the key hash(X) by agreeing on hash(X) over a public trusted channel. Here mk is the master key known to all converters and unknown to anyone else, and enc and dec are the symmetric-key encryption and decryption functions in the converter.
In this embodiment, all communications, including the final confirmation, may be completed over the Dolev-Yao network.
In this embodiment, the converter has the function of calculating the composite functions required by A and B.
In this embodiment, B reuses hash(N_B) as a one-time or multi-use public key: if B takes part in exchanges of the same type, hash(N_B) can serve as a one-time or multi-use public key, with N_B as its secret key, without changing the function.
In this embodiment, step S102 includes: to sign X, input X and the private key sk and output enc(hash(ms, hash(sk)), X). Verification with the public key pk comprises: inputting Y and pk, and outputting dec(hash(ms, pk), Y). The verification agent checks whether the format of the signature X is correct and/or whether the signature X equals a signature X known by other means. ms is another key known to all converters and unknown to anyone else, and ms must be different from the master key mk; enc and dec are the symmetric-key encryption and decryption functions in the converter.
In this embodiment, the step of verifying is also used to break encryption.
In this embodiment, for symmetric encryption that has an easy-to-compute function f such that dec(k, ·) is the same as enc(f(k), ·), unless f is constant or contains a large number of k, this angle of attack can be eliminated by using a hash operation.
Assuming that there is a universally accessible timestamp database, such as a blockchain, the constructed public key encryption device has the following properties:
First, identical devices, or a small number of device types distinguished by role, are widely distributed and owned in common by all trusted parties and potential attackers; the devices can interact securely with these parties and, in some cases, with each other over unsecured networks;
Second, the device calculates or transmits a number of values according to publicly available prior-art methods, but is only allowed to hold secret values that are unavailable to external parties and to the device's own user, and that are created identically in all instances or during the calculation process;
Third, the device does not use public key or other encryption techniques with potential quantum vulnerabilities, and the computation it performs is small and economical;
Fourth, the device lets its users exchange or develop keys that are not known to other parties.
In this embodiment, assume that Alice and Bob are two users trying to agree on a key, and that they possess converters A and B respectively. They can generate a key hash(X) through the following protocol, and can confirm hash(X) over the public trusted channel. All communications, including the final confirmation, may be completed over the Dolev-Yao network.
mk is the master key that all converters know and that no one else can know. The protocol flow can then be characterized by the following code:
Alice -> Bob: start;
Bob randomly generates N_B in real time;
Bob -> Alice: Bob hashes N_B to obtain hash(N_B) and sends it;
Alice generates X and performs an encryption calculation using A: V = enc(hash(mk, hash(N_B)), hash(X));
Alice -> Bob: sends V;
Bob gives V and N_B to B; B performs decryption to calculate dec(hash(mk, hash(N_B)), V), the result of which should equal hash(X).
Where enc and dec are operations performed in the converter, some suitable encryption and decryption functions of the symmetric key may be used. The converter must have two functions, namely the computation of the encryption-decryption complex function required by Alice and the computation of the encryption-decryption complex function required by Bob.
In this example, NBOnly Bob knows and uses it to calculate the final key hash (x) as a secret value, which requires the value sent by Alice and the corresponding calculation function of Bob's converter.
If Bob reuses N in future exchanges of the same typeBThere will not be much change, but Bob no longer has the protocol's beginning with the hash (N)B) Formally transmitted one-time NBAnd a direct causal relationship with the final received message. In any case, Bob gives little assurance that any one can send a version of the hash (N) with overhead to it in any caseB) And (5) finishing the message. The protocol determined by the embodiment ensures that no one except the user using a and the user using B can know the hash (x) of the end of the protocol, and more information can not be known due to the lack of the identification information of the converter. Alice and Bob can only identify the opposite party by comparing the Hash (X) of the public trust channel, so that Bob has the possibility of hashing (N)B) And can be reused as a one-time or multi-time public key. Anyone who knows this hash value can successfully send a message in the protocol described above to Bob, since Bob knows NBThe converter of (1) will be able to decode accurately, so NBIs a public key hash (N)B) The secret key of (2). This is an ideal pairing because the difficulty in deriving the key from the public key is exactly the pre-image resistance of the cryptographic hash function.
The above protocol is not strictly public key encryption because X is used for the input of "encryption", hash (X) comes from "decryption", and the reason for the hash calculation is to prevent decryption corruption by the intermediary party. Without hashing, Alice sends X to Eve unconsciously, and Eve can send X to Bob, which neither Alice nor Bob can perceive. Furthermore, if Alice knows Hash (N)B) Is generated by Bob instead of Eve, the above becomes impossible because in such a MITM attack Eve needs to create its own Hash (N)B) So that the decryption function of its own converter can be used, in which case the hash of "X" can be removed from "encryption", Alice can know that only Bob can decrypt its information.
Each node has registered a form pkA=hash(skA) For which they have signed the appropriate key certificate. Given X and pk, the converter will calculate enc (hash (mk, pk), X) for the user in the encryption mode. For given Y and sk, the transformer computes dec (hash (mk, hash (sk)), Y) in the decrypted mode, which is just the expected effect of public key encryption. Any person who owns the converter can create a message that can only be decrypted by the recipient using the public key. The converter thus implements an asymmetric encrypted messaging function.
Decryption is difficult to manipulate on the key because the process is almost impossible to reverse and illegal decryption purposes are achieved by construction, just as we have broken the specification of public key encryption into components. Of course, public key cryptography designed with this architecture has two drawbacks: first, it does not provide the original evidence; second, the plaintext can be checked as long as it can be guessed. The first drawback is overcome by signing, and the second is prevented by spreading, i.e. selecting a sufficiently random number of bits as padding before encryption.
Most cryptologists sign with a public key encryption algorithm, and if Alice encrypts something with her secret key, anyone can verify by decrypting with Alice's public key, however this operation becomes meaningless because no consensus mechanism function is implemented. Nor is it applicable to decrypting sk, and then encryption under pk does so unless the underlying symmetric encryption has the property that the encryption decrypted using the same key is an identity function. However, this embodiment may extend the converter functionality to signature creation: to sign X, input X and sk and output enc(hash(ms, hash(sk)), X); to verify with pk, input Y and pk and output dec(hash(ms, pk), Y). The verification agent can check whether the result has the correct format and/or is equal to some X known by other means. Here ms is another key that all converters know and that no one else can know, and ms must be different from the master key mk; enc and dec are the encryption and decryption functions for symmetric keys in the converters. If the secret value ms is equal to mk, the verification behavior will be easily cracked.
The above protocol can solve the problem of public key encryption, and does not relate to the requirement of avoiding reverse engineering. Under this assumption, the main potential insecurity in the encryption mode is that, for a given encryption enc(hash(mk, pk), ·), there is a way to decrypt it without knowing sk by using the several modes the converter provides. If enc(k, enc(k, X)) = X, or yields an element from which X can be derived, the protocol becomes worthless, and therefore care needs to be taken in choosing symmetric encryption, otherwise it is almost impossible to achieve any particular purpose of the encryption key using the hash hypothesis results in the key construction and results. For some symmetric encryption there is an easy-to-compute function f such that dec(k, ·) is the same as enc(f(k), ·); unless f is fixed or contains a large number of k, using a hash operation eliminates this angle of attack on the encryption method. This does not apply for some other key constructions. Because the hash operation is used in the same way with different mk and ms values, there is no need to worry about interference between the encryption and signature modes of the converter, even if an attacker freely inputs strings of any correct length in any mode in place of the hash output pk. For any particular symmetric encryption method, the independent characteristics of the mode-dependent operation in the architecture are considered, but the switching between the modes is not affected.
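The mode-separation and cipher-choice conditions from the paragraphs above, checked on a toy model of the converter. This is an added example, not code from the patent; SHA-256 as the hash, the 4-round Feistel and XOR ciphers standing in for enc/dec, the 32-byte message size and all function names are assumptions for illustration.

```python
import hashlib
import os

def H(*parts: bytes) -> bytes:
    """hash(a, b, ...) from the text, modelled as SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(k: bytes, i: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (assumption, not from the patent).
    return hashlib.sha256(k + bytes([i]) + half).digest()[:16]

def feistel_enc(k: bytes, m: bytes) -> bytes:
    """Toy 4-round Feistel permutation on one 32-byte block (stand-in for enc)."""
    l, r = m[:16], m[16:]
    for i in range(4):
        l, r = r, _xor(l, _f(k, i, r))
    return l + r

def feistel_dec(k: bytes, c: bytes) -> bytes:
    """Inverse of feistel_enc (stand-in for dec)."""
    l, r = c[:16], c[16:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(k, i, l)), l
    return l + r

def xor_cipher(k: bytes, m: bytes) -> bytes:
    """Involutive stand-in: enc(k, enc(k, X)) == X, the case the text warns about."""
    return _xor(m, hashlib.sha256(b"pad" + k).digest())

class Converter:
    """Holds mk and ms; callers only ever see the four mode functions."""
    def __init__(self, mk, ms, enc=feistel_enc, dec=feistel_dec):
        self._mk, self._ms, self._enc, self._dec = mk, ms, enc, dec
    def encrypt(self, pk, x):            # enc(hash(mk, pk), X)
        return self._enc(H(self._mk, pk), x)
    def decrypt(self, sk, y):            # dec(hash(mk, hash(sk)), Y)
        return self._dec(H(self._mk, H(sk)), y)
    def sign(self, sk, x):               # enc(hash(ms, hash(sk)), X)
        return self._enc(H(self._ms, H(sk)), x)
    def verify(self, pk, y):             # dec(hash(ms, pk), Y)
        return self._dec(H(self._ms, pk), y)

def _fresh():
    sk = os.urandom(32)
    return sk, H(sk), os.urandom(32)     # sk, pk = hash(sk), constructed 32-byte X

def honest_use() -> bool:
    """Decrypt undoes encrypt and verify undoes sign when ms != mk."""
    conv = Converter(os.urandom(32), os.urandom(32))
    sk, pk, x = _fresh()
    return (conv.decrypt(sk, conv.encrypt(pk, x)) == x
            and conv.verify(pk, conv.sign(sk, x)) == x)

def verify_mode_opens_ciphertext(ms_equals_mk: bool) -> bool:
    """Does verify mode, which needs only pk, recover X from a ciphertext?"""
    mk = os.urandom(32)
    conv = Converter(mk, mk if ms_equals_mk else os.urandom(32))
    _sk, pk, x = _fresh()
    return conv.verify(pk, conv.encrypt(pk, x)) == x

def encrypt_mode_yields_signature(ms_equals_mk: bool) -> bool:
    """Does encrypt mode, which needs only pk, output the same bytes as sign(sk, X)?"""
    mk = os.urandom(32)
    conv = Converter(mk, mk if ms_equals_mk else os.urandom(32))
    sk, pk, x = _fresh()
    return conv.encrypt(pk, x) == conv.sign(sk, x)

def encrypt_mode_opens_ciphertext(involutive: bool) -> bool:
    """Does re-encrypting under pk undo the encryption, i.e. enc(k, enc(k, X)) == X?"""
    enc, dec = (xor_cipher, xor_cipher) if involutive else (feistel_enc, feistel_dec)
    conv = Converter(os.urandom(32), os.urandom(32), enc, dec)
    _sk, pk, x = _fresh()
    return conv.encrypt(pk, conv.encrypt(pk, x)) == x

if __name__ == "__main__":
    print("honest use works:", honest_use())
    for same in (True, False):
        print(f"ms == mk: {same}; verify opens ciphertext:",
              verify_mode_opens_ciphertext(same),
              "; encrypt output equals signature:", encrypt_mode_yields_signature(same))
    for inv in (True, False):
        print(f"involutive enc: {inv}; encrypt mode opens ciphertext:",
              encrypt_mode_opens_ciphertext(inv))
```

Running the same four checks against the real enc/dec chosen for a converter is a quick acceptance test for the cipher choice and for the ms ≠ mk requirement.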
Fig. 2 is a schematic structural diagram illustrating a creation apparatus for public key encryption and key signature of a blockchain according to an exemplary embodiment of the present disclosure. As shown in fig. 2, the apparatus for creating a public key encryption and key signature for a blockchain includes a processor 201, where the processor 201 may be used in a method for creating a public key encryption and key signature for a blockchain, which includes:
step S101, a function is constructed, so that data are encrypted under a public key, a party with a converter creates a message, only a receiver corresponding to the used public key can decrypt the message, and only a corresponding secret key which cannot be obtained from public key calculation can be used for decryption, and therefore public key encryption creation of a block chain is achieved;
step S102, selecting a secret value different from the secret value created by encryption of the public key for realizing the block chain, sharing the secret value for all converters and being unknown by other parties, and checking whether the signature format is correct and/or whether the signature is equal to another signature obtained by other modes by the verification agent through Hash operation and verification steps.
In this embodiment, if we can decompose the functions, then there is an opportunity for an attacker to bypass the functions, so the functions are provided to the user as a complete software package, the attacker is denied the opportunity to bypass decomposing the functions, and a portion of the public key is retained as a secret in the complete software package, so that the public key cannot be self-reconstructed.
In this embodiment, a converter is used to perform a plurality of secure key agreement methods using a self-generated entropy method or a user-generated entropy method, which includes hashing the entropy to prevent attacks by an intermediate party.
In this embodiment, for the last protocol developed, the self-generated entropy method and the user-dependent entropy generation method each include: the entropy is subjected to Hash operation to prevent the attack of an intermediate party.
In this embodiment, the step S101 includes: for users A and B trying to agree on a key, A sends a negotiation signal to B; B randomly generates a secret number N_B in real time, then hashes N_B to obtain hash(N_B), which is transmitted to A; A generates X and performs an encryption calculation using a converter, V = enc(hash(mk, hash(N_B)), hash(X)); A transfers the value V to B; B inputs the value V and the value N_B to the converter, which performs decryption to calculate dec(hash(mk, hash(N_B)), V), and the result should be equal to hash(X); A and B finally confirm the key hash(X) by agreeing on hash(X) over the public trust channel. Here mk is the master key known to all converters, which others cannot know, and enc and dec are the encryption and decryption functions used for symmetric keys in the converters.
In this embodiment, all communications including the final acknowledgement may be done on a Dolev-Yao network.
In this embodiment, the converter has the function of calculating the complex function required for a and B.
In this embodiment, B uses hash(N_B) again as a one-time or multi-time public key; if B is in the same type of exchange, hash(N_B) can be obtained as a one-time or multi-time public key, with secret key N_B, without changing the function.
In this embodiment, the step S102 includes: when all nodes have registered the authenticated and authorized public key sk, the converter may perform public key encryption and verification. To sign X, enter X and private key sk and output enc (hash (ms, hash (sk)), X); performing verification through the public key pk, wherein the verification comprises the following steps: inputting Y and a public key pk, outputting dec (hash (ms, pk), Y), and checking whether the format of the signature X is correct and/or the signature X is equal to a signature X known by other methods by a verification agent; ms is another key that all converters know, and others cannot know the master key, and ms must be distinguished from the master key mk, enc and dec being encryption and decryption functions for symmetric keys in the converters.
In this embodiment, the step of verifying is also used to break encryption.
In this embodiment, an easy-to-compute function f is used for symmetric encryption, such that dec(k, ·) is the same as enc(f(k), ·), and unless f is fixed or contains a large number of k, the attack angle of the symmetric encryption algorithm can be eliminated using a hash operation.
In yet another aspect of the present disclosure, there is also provided a machine readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method for public key encryption and creation of key signatures for blockchains as described above. The technical solutions for public key encryption and key signature creation for the blockchain have been described in detail above, and are not described herein again. In some implementations, the machine-readable storage medium is a tangible component of a digital processing device. In other embodiments, the machine-readable storage medium is optionally removable from the digital processing apparatus. In some embodiments, the machine-readable storage medium may include, by way of non-limiting example, a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a flash Memory, a programmable Read-Only Memory (PROM), an erasable programmable Read-Only Memory (EPROM), a solid-state Memory, a magnetic disk, an optical disk, a cloud computing system or service, and so forth.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the invention is not limited in this respect.
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the disclosure may be practiced without these specific details. In some embodiments, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
While exemplary embodiments of the present invention have been shown and described herein, it will be obvious to those skilled in the art that such embodiments are provided by way of example only. Numerous modifications, changes, and substitutions will now occur to those skilled in the art without departing from the invention. It should be understood that various alternatives to the embodiments of the invention described herein may be employed in practicing the invention. It is intended that the following claims define the scope of the invention and that methods and structures within the scope of these claims and their equivalents be covered thereby.

Claims (21)

1. A method for creating a public key encryption and a key signature for a blockchain is characterized by comprising the following steps:
step S101, a function is constructed, so that the data is encrypted under a public key, a party owning a transducer creates a message, only a receiver using the public key can decrypt the message, and only a corresponding secret key which can hardly be obtained from public key calculation can be used for decrypting the message, and therefore public key encryption creation of a block chain is achieved;
step S102, selecting a secret value different from the secret value created by the public key encryption of the block chain, sharing the secret value with all the transducers and being unknown by other parties, checking whether the signature format is correct and/or whether the signature is equal to another signature known by other modes by the verification agent through Hash operation and verification steps,
characterized in that said step S102 comprises: to sign X, input X and sk and output enc (hash (ms, hash (sk)), X); verifying by pk, the verifying comprising: inputting Y and pk, outputting dec (hash (ms, pk), Y), the validation agent checking whether the format of said signature X is correct and/or said signature X is equal to a signature X known by other means, where pk = hash (sk); ms is another key shared by all converters, others cannot know ms, and ms is not equal to mk.
2. The method for creating a public key encryption and key signature for a blockchain according to claim 1, wherein the method comprises the following steps: the function is provided to the user as a complete software package, denying the attacker the opportunity to bypass decomposing the function, and leaving a portion of the public key with the secret value in the complete software package so that the public key cannot be self-reconstructed.
3. The method for creating a public key encryption and key signature for a blockchain according to claim 1, wherein the method comprises the following steps: the method for carrying out the secure key agreement by using the energy converter comprises the steps of carrying out Hash operation on entropy to prevent attack of a middle party.
4. A method for creating public key encryption and key signature for blockchains according to claim 3, characterized in that: for a protocol developed last, the self-generated entropy method and the method of generating entropy by means of a user both comprise: the entropy is subjected to Hash operation to prevent the attack of an intermediate party.
5. The method according to claim 1, wherein the step S101 comprises: for users A and B trying to agree on a key, A sends a negotiation signal to B, and B randomly generates a secret number N_B in real time and then hashes N_B to obtain hash(N_B); the secret number N_B is known only to B and is needed to release the final key hash(X); A generates X and uses X to calculate V = enc(hash(mk, hash(N_B)), hash(X)); A transfers the value V to B; B passes the value V and the value N_B to C, which calculates dec(hash(mk, hash(N_B)), V), where the hash operation is computed by C from the directly input N_B, and sends the result of the calculation to B, which should be equal to hash(X); A and B agree on hash(hash(X)) over a common trust channel to finally validate the key hash(X), obtaining a secret key N_B; where mk is a master key that all transducers know and others cannot know, and enc and dec are encryption and decryption functions for symmetric keys.
6. The method for creating public key encryption and key signature for blockchains according to claim 5, wherein: all communications except the final confirmation are completed over the Dolev-Yao network.
7. The method for creating a public key encryption and key signature for a blockchain according to claim 1, wherein the method comprises the following steps: the transducer has the function of calculating the complex function required for a and B.
8. The method for creating public key encryption and key signature for blockchains according to claim 5, wherein: B uses hash(N_B) again as a one-time or multi-time public key; if B is in the same type of exchange, hash(N_B) can be obtained as a one-time or multi-time public key, with secret key N_B, without changing the function.
9. The method for creating a public key encryption and key signature for a blockchain according to claim 1, wherein the method comprises the following steps: the step of verifying is also used to crack the encryption.
10. A method for creating a public key encryption and key signature for a blockchain according to any one of claims 1 or 5, wherein: for symmetric encryption and an easy-to-compute function f, dec(k, ·) is the same as enc(f(k), ·); unless f is an identification function or contains a large number of k, the use of hashing eliminates attacks on the middle parties.
11. A creation apparatus for public key encryption and key signature of a blockchain, characterized by: comprising a processor, wherein the processor is operable to:
constructing a function so as to encrypt data under a public key, wherein a party with a transducer creates a message, only a receiver using the public key can decrypt the message, and only a corresponding secret key which can hardly be obtained from public key calculation can be used for decrypting the message, thereby realizing public key encryption creation of a block chain;
selecting a secret value different from the secret value created by the public key encryption for realizing the block chain, sharing the secret value for all the transducers, being unknown by other parties, checking whether the signature format is correct and/or whether the signature is equal to another signature known by other modes by a verification agent through a Hash operation and a verification step,
the method is characterized in that: to sign X, input X and sk and output enc (hash (ms, hash (sk)), X); verifying by pk, the verifying comprising: inputting Y and pk, outputting dec (hash (ms, pk), Y), the validation agent checking whether the format of said signature X is correct and/or said signature X is equal to a signature X known by other means, where pk = hash (sk); ms is another key shared by all converters, others cannot know ms, and ms is not equal to mk.
12. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 11, wherein: the function is provided to the user as a complete software package, denying the attacker the opportunity to bypass decomposing the function, and leaving a portion of the public key with the secret value in the complete software package so that the public key cannot be self-reconstructed.
13. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 11, wherein: the method for carrying out the secure key agreement by using the energy converter comprises the steps of carrying out Hash operation on entropy to prevent attack of a middle party.
14. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 13, wherein: for a protocol developed last, the self-generated entropy method and the method of generating entropy by means of a user both comprise: the entropy is subjected to Hash operation to prevent the attack of an intermediate party.
15. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 11, wherein: the function includes: for users A and B trying to agree on a key, A sends a negotiation signal to B, and B randomly generates a secret number N_B in real time and then hashes N_B to obtain hash(N_B); the secret number N_B is known only to B and is needed to release the final key hash(X); A generates X and uses X to calculate V = enc(hash(mk, hash(N_B)), hash(X)); A transfers the value V to B; B passes the value V and the value N_B to C, which calculates dec(hash(mk, hash(N_B)), V), where the hash operation is computed by C from the directly input N_B, and sends the result of the calculation to B, which should be equal to hash(X); A and B agree on hash(hash(X)) over a common trust channel to finally validate the key hash(X), obtaining a secret key N_B; where mk is a master key that all transducers know and others cannot know, and enc and dec are encryption and decryption functions for symmetric keys.
16. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 15, wherein: all communications except this final confirmation are done over the Dolev-Yao network.
17. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 11, wherein: the transducer has the function of calculating the complex function required for a and B.
18. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 15, wherein: B uses hash(N_B) again as a one-time or multi-time public key; if B is in the same type of exchange, hash(N_B) can be obtained as a one-time or multi-time public key, with secret key N_B, without changing the function.
19. The apparatus for creating a public key encryption and key signature for a blockchain according to claim 11, wherein: the step of verifying is also used to crack the encryption.
20. A creation apparatus for public key encryption and key signature of a blockchain according to any one of claims 11 or 15, wherein: for symmetric encryption and an easy-to-compute function f, dec(k, ·) is the same as enc(f(k), ·); unless f is an identification function or contains a large number of k, the use of hashing eliminates attacks on the middle parties.
21. A machine readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the method for creation of a public key encryption and key signature for a blockchain according to any one of claims 1 to 10.
CN201811300417.4A 2018-11-02 2018-11-02 Method and device for creating public key encryption and key signature and readable storage medium Active CN109274502B (en)

Publications (2)

Publication Number Publication Date
CN109274502A CN109274502A (en) 2019-01-25
CN109274502B true CN109274502B (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant